Hospital compliance officers must think beyond “security” when it comes to text messaging

Today, hospitals know that they need to find HIPAA compliant communication solutions, but often to struggle to identify the right solution and/or to identify (or agree on) who is actually responsible for finding the right solution.

They are starting to realize that finding the right secure communication solution is more than just a technology decision. With ultimate responsibility for adherence to health care regulatory enforcement and compliance activities, more and more compliance officers are now finding themselves playing a key role in that decision-making process. In that new role, they typically work closely with hospital administrators, IT and physician leaders to choose a solution.

We recently spoke with compliance expert John Finley about this topic. His 15-year career has spanned a number of compliance and regulatory roles at WakeMed Health & Hospitals, CHRISTUS Health, Aetna and the FDA.

Finley says that while there may be some confusion around The Joint Commission’s recommendations, there is no official ruling that prohibits hospitals from using secure texting. He knows that texting is a reality of life, and that it has become a regular practice for physicians. He says that he and probably 90% of his peers support the use of texting, if it’s done in a secure manner and doesn’t result in a breach.

“The bottom line is that physicians are already doing it, and it can help deliver better care to patients. We just need to figure out the best way to support that, while minimizing a hospital’s risk and exposure,” Finley explains.

At a minimum, a secure texting solution should meet a checklist of basic security requirements including:

Encrypted at rest and in motion

Cloud based – nothing stored on phone

Secure messages pincode protected (not just phone code)

Ability to remotely wipe if lost/stolen

But, Finley emphasized that he and his compliance counterparts need to focus on more than just security and compliance, when thinking about text messaging technology.

We agree. While checking off a list of standard security requirements is a good starting point, choosing a solution can’t stop there. Hospitals still need to balance compliance and security with overriding business goals such as:

Improving care

Reducing costs

Increasing growth

To support these goals, hospitals should look for a solution that offers a number of other benefits including:

Finley also emphasized that technology is only one part of a true secure messaging “solution”, and that hospitals need to implement policies and practices that support the use of these technologies. They are increasingly looking to vendors to help provide these “guardrails for proper texting” and to help them think through a number of “what if scenarios” to ensure ongoing compliance and usage.

It’s also important for hospitals to think about communication outside their own four walls. Implementing a secure communication solution becomes more complicated when it has to be managed across a wider care continuum. Today, hospitals must collaborate with multiple providers and rely heavily on physician referrals. As a result, they need to communicate and share patient information across numerous organizations.

A solution that supports in-hospital communication only or in-hospital workflows only, won’t truly address their communication or compliance needs, and won’t truly improve overall patient care. The right secure communication solution should support communication, collaboration and care coordination across the entire patient care continuum.

If you would like to learn more about how MD Interconnect does just that, or to learn how WakeMed addresses the need for HIPAA-compliant messaging, let us know. You can also read the WakeMed case study here.